Welcome to the VMware

vSphere 6 Masterclass
Thank you for attending!

The webinar is due to start at 8:00pm Sydney time.

The webinar will be silent until that time.
Please be sure to check the subject forums while you wait, as
there is already some useful information and great discussion
going on there!

26/10/2016 1
 VMware vSphere 6
Masterclass

26/10/2016 2
Agenda
Week 1 Whats New in vSphere 6, vCenter

Week 2 Virtual Networking

Week 3 Virtual Storage

Week 4 Advanced Operations

Week 5 Assessment!

26/10/2016 3
Week 4 Advanced Operations
vSphere Clustering

vCenter Security

vShield

Lab Setup

26/10/2016 4
 vSphere Clustering

26/10/2016 5
Single-host Virtualisation
Stand-alone ESXi hosts provide a level of abstraction between
workloads (VMs) and physical hardware on a single physical host:
Virtual CPU
Virtual RAM
Virtual Disk
Virtual peripherals
Provides no redundancy or resilience in the event of a hardware
failure
Relies on built-in redundancy in the host (dual PSUs, storage RAID, etc)
Reduced feature availability vs vSphere Virtual Infrastructure
(including vCenter)
26/10/2016 6
Single-host Virtualisation
(contd)

26/10/2016 7
vSphere Virtual Infrastructure
Clustered ESXi hosts, managed by vCenter, allows greater level of resilience
due to greater hardware redundancy
Multiple servers removes single point of failure
Utilises shared resources (storage, network, etc)*
Two types of cluster
Dynamic Resource Scheduler (DRS)
High Availability (HA)
Includes advanced functionality to maintain availability and performance of
virtual workloads
Centralised Management of hosts and VMs
vMotion, Storage vMotion, Network I/O control, etc

26/10/2016 8
vSphere Clustering
ESXi hosts are moved from stand-alone to managed by vCenter server, which
provides automation and control of processes across the cluster
Installs vCenter management agents onto each ESXi host
hostd
vpxa
Clusters can run in DRS, HA or both DRS and HA modes
If running HA on the cluster, at least one host is elected as the master host
within the cluster
Responsible for monitoring slave hosts and initiating VM restarts if a host goes
missing
Monitors the power state of protected VMs restarting if a VM fails
Manages the list of cluster hosts and protected virtual machines
26/10/2016 9
Acts as an interface between vCenter and the cluster hosts
vSphere Clustering (contd)

26/10/2016 10
HA Clustering
Provides the ability to migrate VMs from one host to another in the case of a
host failure
Crash recovery. If seamless failover is required, Fault Tolerance should be considered.
Cluster heartbeats between master and slave hosts every second, datastore
heartbeating used as secondary failure detection mechanism
Three types of host failure are monitored for
Host offline (power loss or critical hardware failure)
Network isolation (host is powered on but has lost all network connectivity)
Network partitioning (host is powered on and has network connectivity, but cannot reach
other hosts in the cluster)
Admission Control ensures that sufficient resources are available to support
workloads that are failing over to remaining hosts
Prevents VMs from booting if remaining hosts are overloaded (insufficient resource
26/10/2016 11
reservations) or insufficient hosts remain online to support a further host failure
vMotion
vMotion is the feature used to migrate VMs from one host to
another
Transfers the memory footprint of a VM from one host to another, and
then cuts over the active VM from the source host to the destination
Requires vCenter
DRS clusters rely on vMotion to migrate workloads between
active ESXi hosts within the cluster
Requires that hosts have compatible hardware
Destination host must be of the same architecture as the source, and at
least the same generation (cannot be older)
Enhanced vMotion Compatibility (EVC) can be used to allow multiple
26/10/2016 12
architectures/generations of hardware within a cluster
vMotion (contd)

26/10/2016 13
DRS Clustering
DRS Clustering provides three key capabilities:
Load balancing ensuring that virtual workloads are balanced over
cluster resources
Allows prioritisation of workloads through granting access to shares of
CPU/RAM resources
Dynamic Power management (DPM), which can shut down/power on hosts
as workloads vary
Migrates VMs to a reduced number of hosts when quiet and shuts down
unneeded hosts
Uses Wake on LAN functionality to boot hosts as more resources become
required
Virtual Machine Placement, selecting which host on which a VM will boot
26/10/2016
when it is powered on, based on load balancing requirements and 14
HA + DRS Clustering
Combines HA and DRS on a single cluster, prioritising
and balancing workloads across hosts, and providing
failover in the event of hardware failure
Can provide faster re-allocation of resources due to hardware
failures or maintenance events
Introduces some complexities to both HA and DRS
operations
Care must be taken when enabling multiple options that they
do not clash
When HA is disabled, failover resource availability requirements are
26/10/2016 15
not considered by DRS
Fault Tolerance
Provides near-seamless failover of virtual machine workloads in the event of a
hardware failure
Enabled on a per-VM basis
Creates a second virtual machine on a separate host in the cluster, which
operates in lockstep with the primary virtual machine
Lockstep copy contains identical memory footprint of primary VM, uses the same
underlying VMDK (or can use a second storage copy as well)
When a failure of the host with the primary copy of the VM is detected, the
secondary VM is activated immediately
Some limitations on virtual hardware apply 2 vCPUs in Standard/Enterprise,
4 vCPUs in Enterprise Plus. 1Gbps interconnectivity between hosts minimum,
10Gbps recommended
26/10/2016
vMotion/EVC compatibility requirements apply as per DRS clustering 16
Fault Tolerance (contd)

26/10/2016 17
 vCenter Security

26/10/2016 18
vCenter Security
vCenter Security is managed as follows:
Privileges are fine-grained access controls. You can group
those privileges into roles that you can then map to users or
groups
Each object in the vCenter Server object hierarchy has
associated permissions. Each permission specifies for one
group or user which privileges that group or user has on the
object
Roles allow you to assign permissions on an object based on
a typical set of tasks that users perform
26/10/2016 19
vCenter Security (contd)

26/10/2016 20
vCenter Single Sign-On (SSO)
SSO provides federation between existing directory
services (such as Active Directory) and vCenter,
removing the requirement for separate logon
credentials to be maintained for vCenter
SSO services are provided by the Platform Services
Controller role within vCenter
Groups from within the external directory service (such
as AD) can be added to groups within vCenter which are
then assigned to roles and permissions.
26/10/2016 21
 vShield

26/10/2016 22
vShield
Suite of virtual appliances which provide security functionality
(including anti-virus) to vSphere environments
Requires separate network port-group for vShield management
Components:
vShield Manager centralised management of vShield
functionalities
vShield App Application-aware firewall (replaced vShield Zones)
vShield Edge perimeter security, includes DHCP, NAT, Load
Balancing & VPN
vShield Endpoint anti-virus and anti-malware functionality for
virtual environments
26/10/2016 23
Lab Setup
Create a second ESXi host, connect to vCenter
Enable HA + DRS Clustering, investigate configuration
options
vMotion a VM from one host to another
With DRS Clustering enabled, put a host with a VM on
it into maintenance mode what happens?
Power off an ESXi host with a VM on it what happens?

26/10/2016 24
Questions?

26/10/2016 25
Thank You!

26/10/2016 26